Stateless authentication is token-based authentication. It's called 'stateless' because the server doesn't keep track of the authenticated users state. All authenticated requests to a server include a token. Since the server doesn't know anything about the authenticated user, it verifies that the request has a valid token.

JSON Web Tokens is an example of a token used in a stateless authentication scheme.


The most significant advantage of using stateless authentication is that it can be implemented in many different apps. If a product has a web app and a native app, the same backend can handle authentication in both systems.

Applications that offer API access can use token-based authentication. A company like Netlify has built an API that can be accessed using tokens. The Netlify app that is served at is a single-page application that consumes this API.

Using stateless authentication might decrease server load for larger applications because the server is not responsible for keeping track of each user's session.


Since the server doesn't keep track of any user state, it can be complicated to invalidate a token and revoke access. One way is to create a blacklist of invalid tokens. However, this method requires making calls to a database, thus removing some of the benefits of using stateless authentication.

Stateless authentication systems tend to be more complicated than stateful systems. When building the client, you have to manually handle things like storing the token, token expiration, etc.

Authentication scaffolding

Starter kits for Laravel, Vue and React.